Intercept : Policy As Code Static Analysis Auditing

Intercept stupidly easy to use, small footprint Policy as Code subsecond command-line scanner that leverages the power of the fastest multi-line search tool to scan your codebase. It can be used as a linter, guard rail control or simple data collector and inspector. Consider it a cross-platform weaponized ripgrep.

Features

  • Policy as Code
  • Fine-grained regex policies
  • Multiple enforcement levels
  • Static Analysis, no daemons
  • Low footprint, self-updatable binary
  • Easy to integrate on any CI/CD Pipeline
  • Declarative form policies / reduced complexity
  • No custom policy language

Policy As Code

Policy as code is the idea of writing code to manage and automate policies. By representing policies as code in YAML files, proven software development best practices can be adopted such as version control, automated testing, and automated deployment.

How It Works?

  • intercept CLI binary
  • policies YAML file

Intercept merges environment flags, policies YAML and optional exceptions YAML to generate a global config. It recursively scans a target path for policy breaches against your code and generates a human-readable detailed output of the findings.

Also Read – RMS : Runtime Mobile Security

Example Output

Use Cases

  • Reduced complexity Hashicorp Sentinel drop-in alternative. Policies are just regular expressions, does not use a custom policy language.
  • Do you find Open Policy Agent rego files too much sugar for your pipeline?
  • Captures the patterns from git-secrets and trufflehog and can prevent sensitive information to run through your pipeline. (trufflehog regex)
  • Identifies policy breach (file path and line numbers), reports solutions/suggestions to its findings making it a great tool to ease onboarding developer teams to your unified deployment pipeline.
  • Can enforce style-guides, coding-standards, best practices and also report on suboptimal configurations.
  • Can collect patterns or high entropy data and output it in multiple formats.
  • Anything you can crunch on a regular expression can be actioned on.

Latest Release

  • Standard package (intercept + ripgrep) for individual platforms
    • intercept-rg-linux.zip
    • intercept-rg-macos.zip
    • intercept-rg-win.zip
  • Clean package (intercept only) for individual platforms
    • core-intercept-linux.zip
    • core-intercept-macos.zip
    • core-intercept-win.zip
  • Full package (intercept + ripgrep) for all platforms
    • x-intercept.zip
  • Package needed to fully use the Makefile
    • setup-buildpack.zip
  • Package of the latest compatible release of ripgrep (doesn’t include intercept)
    • i-ripgrep-linux.zip
    • i-ripgrep-macos.zip
    • i-ripgrep-win.zip
Download

R K

Share
Published by
R K
Tags: Intercept
5 years ago

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

3 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago